Another ‘unhackable’ product has seemingly paid the price of making tall claims. This time, it’s the eyeDisk flash drive. According to a researcher, the drive that claims to have impeccable data security with iris scan technology paradoxically exposed passwords in plain text.
eyeDisk Flash Drive Vulnerability
A researcher from Pen Test Partners found a vulnerability in the seemingly ‘unhackable’ eyeDisk flash drive. He found that the device could expose passwords in plain text, making the data vulnerable. The researcher, David Lodge, described his findings in his blog post.
As revealed, Lodge first tested the device for some obvious security issues. He found that the drive worked seemingly well, as it didn’t unlock with a photo. He then went on to take the device apart to examine its hardware. The device turned out to be a USB stick with a hub and an attached camera. Even then, he didn’t find anything alarming.
However, upon inspecting the software, he could detect the problems. He found that the drive’s authenticator element passed along some password to control the software. David Lodge could sniff the USB traffic with Wireshark and found that the device sent these passwords in plain text.
The software collects the password first, then validates the user-entered password BEFORE sending the unlock password.
Consequently, anyone could simply sniff the USB traffic to obtain the passwords in clear text, and would then be able to unlock the device and access the data.
A number of complex SCSI commands were used to understand the controller side of the device. But obtaining the password/iris can be achieved by simply sniffing the USB traffic to get the password/hash in clear text.
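The flaw described above, as an added example that is not from the original article, the researcher or eyeDisk: a simplified Python model in which a list named `bus` stands in for the sniffable USB traffic. The class names, the `leaked` helper and the challenge-response scheme are assumptions chosen for illustration, not the vendor's protocol or a published fix.

```python
import hashlib
import hmac
import secrets

# Constructed model, not eyeDisk code: `bus` stands in for sniffable USB traffic.

class LeakyDevice:
    """Returns its stored unlock password so the host software can compare it."""
    def __init__(self, password: str):
        self._password = password.encode()

    def read_password(self, bus: list) -> bytes:
        bus.append(self._password)  # the secret crosses the bus in clear text
        return self._password

def leaky_unlock(device: LeakyDevice, entered: str, bus: list) -> bool:
    stored = device.read_password(bus)  # fetched before the entry is validated
    return hmac.compare_digest(stored, entered.encode())

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class VerifyingDevice:
    """Stores only a salted key and checks a challenge response on the device."""
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self._key = derive_key(password, self.salt)
        self._nonce = None

    def challenge(self, bus: list) -> bytes:
        self._nonce = secrets.token_bytes(32)  # fresh value for every attempt
        bus.append(self.salt + self._nonce)
        return self._nonce

    def verify(self, response: bytes, bus: list) -> bool:
        bus.append(response)
        nonce, self._nonce = self._nonce, None  # single use: replays are rejected
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def hardened_unlock(device: VerifyingDevice, entered: str, bus: list) -> bool:
    nonce = device.challenge(bus)
    key = derive_key(entered, device.salt)
    return device.verify(hmac.new(key, nonce, hashlib.sha256).digest(), bus)

def leaked(secret: str, bus: list) -> bool:
    """True if the secret appears verbatim in any recorded bus frame."""
    return any(secret.encode() in frame for frame in bus)
```

A captured challenge and response still allow offline guessing of a weak password, so this design removes the clear-text exposure but does not make up for a weak secret.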
No Fix Yet – Drive Remains ‘Hackable’
The makers of the device claimed superior data security for it because it operates on iris scan technology. In addition, they claimed to have a proprietary algorithm that supposedly made the device ‘unhackable’. As claimed in their Kickstarter campaign,
eyeDisk features AES 256-bit encryption for your iris pattern. We develop our own iris recognition algorithm so that no one can hack your USB drive even if they have your iris pattern.
However, a little meddling with the software by the researcher swiftly unveiled the weakness of such claims. Lodge advises users of the eyeDisk flash drive not to rely entirely on the device for data security, particularly when there is no fix from the vendors yet.
In the absence of a fix or any advice from eyeDisk, our advice to users of the device is to stop relying on it as a way of securing your data, unless you apply additional controls such as encrypting your data before you copy it to the device.
Previously, McAfee’s BitFi Wallet and the Viper car alarm system also made similar claims, and it didn’t take much time for security researchers to prove them wrong. Once again, researchers have seemingly proved that ‘nothing is unhackable’.